Notifications
Clear all
Topic starter
10/06/2026 10:39 pm
TL;DR: Unlicensed operators and AI-enabled fraud are scaling faster than current safeguards in iGaming, with regulators and operators now forced to rethink how player protection works across borders, according to SumSub’s live podcast episode from ICE Barcelona. Isolated controls are no longer enough when enforcement, education, and data sharing have to operate across multiple jurisdictions.
NHIMG editorial — based on content published by SumSub: What The Fraud? live episode on player protection, AI-enabled fraud, and cross-border enforcement
Questions worth separating out
Q: How should gaming operators respond to AI-enabled fraud that crosses borders?
A: Operators should move from isolated account checks to shared risk signals, campaign-level monitoring, and consistent escalation paths across markets.
Q: Why does unlicensed operator activity create a wider governance problem?
A: Unlicensed activity widens the governance problem because it breaks the assumption that one operator can protect the entire player journey.
Q: How can teams tell whether player protection controls are actually working?
A: Teams should look for repeated abuse patterns being detected early, consistent escalation decisions across jurisdictions, and reduced reliance on manual exception handling.
Practitioner guidance
- Strengthen cross-border identity signal sharing Identify which player-risk indicators can be shared consistently across operators, regulators, and partners, then define what gets normalised at the policy layer and what remains locally controlled.
- Correlate fraud across the full player lifecycle Link onboarding, payment, device, and session data so suspicious behaviour is evaluated as a pattern across the player journey rather than as isolated events.
- Test controls against coordinated abuse campaigns Run scenarios where the same fraud pattern is reused across multiple accounts, brands, or jurisdictions to see whether the control stack detects repetition or only individual anomalies.
What's in the full article
SumSub's full podcast episode covers the operational detail this post intentionally leaves for the source:
- The live discussion between Kris Galloway, Olabimpe Akingba, Ludovico Calvi, and Sarah Gardner on where player protection is breaking.
- First-hand commentary on how regulators, operators, and technology providers divide enforcement responsibility in practice.
- Additional discussion of underage exposure risks and the role of player education in prevention.
- The live-event context from ICE Barcelona, which adds practitioner detail not covered in this analysis.
👉 Read SumSub's What The Fraud? live discussion on player protection →
AI-enabled fraud in gaming: what it means for protection controls?
Explore further
11/06/2026 2:46 am
Player protection is now an identity governance problem, not a single fraud control. The article shows that regulators, operators, and technology providers are all part of the same enforcement chain, which means the failure is structural when coordination is weak. In governance terms, the question is no longer whether one control works in isolation, but whether the operating model can sustain consistent decisions across jurisdictions. Practitioners should treat player protection as a lifecycle and policy alignment issue.
A few things that frame the scale:
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
- Organisations maintain an average of 6 distinct secrets manager instances, which creates fragmentation that undermines centralised control.
A question worth separating out:
Q: Who is accountable when fraud prevention fails in regulated gaming?
A: Accountability usually sits with multiple parties at once, including the operator, the regulator, and the technology provider, because the control chain spans all three. The practical test is whether each party knows its role in prevention, detection, and enforcement. If responsibilities are vague, fraud will exploit the gaps between policy ownership and operational execution.
👉 Read our full editorial: Player protection is breaking under industrialised fraud in gaming
